<?PHP
// NOTE: You cannot display the data in a browser, since the resultpage is called in the background
// Collect return values and store them in a file, database, send them by email etc.
// EXAMPLE: Send an e-mail with data
// Set keys we wish to read from $_POST array

//fields that is recieved from the callback
//see http://doc.quickpay.dk/paymentwindow/technicalspecification.html#index2h3 for more information 
$fields = array('msgtype','ordernumber','amount','currency','time','state','qpstat','qpstatmsg','chstat','chstatmsg','merchant','merchantemail','transaction','cardtype','cardnumber','cardexpire','acquirer','splitpayment','fraudprobability','fraudremarks','fraudreport','fee','md5check');

//variable to collect values for the md5 check
$cstr = '';

foreach ( $fields as $key ){
	if (isset($_POST[$key])) {
		$message .= "$key: " .$_POST[$key] . "\r\n";
		if( 'md5check' != $key ){
			$cstr .= $_POST[$key];
		}
	}
}

$md5secret = '9ead3e386702116bc6aec0819a668e0d0902a6e728e85fe16002d591f37564d8';

if( $_POST['md5check'] != md5($cstr.$md5secret) ){
	//md5 check failed - request cannot be from quickpay
	error_log('Invalid request received on quickpay callback');
	error_log( print_r( $_POST , true ) );
	header("HTTP/1.0 400 Bad request");
	die();
}

$db = JFactory::getDBO();
$on=$_POST['ordernumber'];
$tid=$_POST['transaction'];
	/*$db->setQuery("UPDATE #__user_payment
	SET tid=$tid
	WHERE id=$on");*/
	$db->setQuery("INSERT #__user_payment
	(id,tid) VALUES
	($on,$tid)");
$db->query();
/*[V] reason: withdraw after 14 days trial
require_once JPATH_SITE."/_cj/qpapi.php";
$total=file_get_contents('tpm.idx');
$qp = new Quickpay('33760310', '9ead3e386702116bc6aec0819a668e0d0902a6e728e85fe16002d591f37564d8');
//$qp->testmode(TRUE);
$res=$qp->recurring(time()."s", $total*100, 'DKK', $tid, TRUE);
*/
// Send an email with the data posted to your resultpage
mail('hj@fitplan.dk', 'resultpage', $message);